ABSTRACT


Cloud computing, since its inception, has undergone continuous improvement. Federated cloud is now realized through seamless integration of diverse clouds. It is essentially a multi-owner and multi-user environment in which the security of data owners' data is of paramount importance. Supporting secure data sharing and enabling users to perform keyword search on encrypted content is indispensable in such an environment. Existing schemes suffer from performance issues in complex multi-owner and multi-user scenarios in a federated cloud setting. To address this problem, in this paper we propose a security scheme that enables efficient data sharing across users. Users are able to access the data of multiple data owners by generating trapdoors. Different algorithms are proposed to realize the scheme. An empirical study shows that our scheme supports secure and efficient data sharing in a federated cloud environment. Our scheme performs better than existing ones in terms of storage overhead and execution time.

Keywords: Secure Data Sharing, Cloud Computing, Federated Cloud, Aggregate Key Sharing, Cloud Data Security


1. INTRODUCTION 


In cloud-based applications, secure data sharing is an essential requirement. However, flexibility and sophistication in group data sharing is the main focus of this paper. Data owners who use cloud infrastructure for storage and for sharing data with their users usually encrypt the data before sending it to the cloud. Such data is secure in transit and also at rest. However, the data owners need to use aggregate keys and share them with users so that the users can generate trapdoors to search for required files over the encrypted content in the cloud. In the presence of adversaries, it is important to have secure and efficient algorithms for protecting data and preventing attacks. Towards this end, many data security schemes have come into existence. Of these, searchable encryption schemes have become popular for cloud environments. However, they suffer from overhead and time complexity in multi-owner and multi-user environments.


Miao et al. [1] presented the Verifiable SE Framework (VSEF), which also offers dynamic updates and multi-keyword search. The improved VSEF exhibits adaptability, and the framework is expanded upon by further study. Fu et al. [4] showed that enhancing security and cutting storage costs in cloud storage is possible with a multi-cloud searchable encryption technique built on a double-layer blockchain. Xu et al. [7], to mitigate the constraints of delegated searchable encryption (DSE), implemented a technique that limits users to specific terms in order to protect user privacy; trials showed it to be useful. Yao et al. [15] suggested key-aggregate encryption and searchable encryption based on lattices to protect against quantum attacks and provide effective cloud storage for searchable group data sharing. Manohar et al. [20] utilized KASE to address the problem of safely exchanging encrypted data in public cloud storage. Erande and Ranmalkar [24] observed that shared data must be selectively encrypted due to security concerns raised by cloud data breaches. The state of the art shows that there is a need to improve the security and efficiency of schemes for the federated cloud environment. Our contributions in this paper are as follows.


1. We propose a secure data sharing scheme that enables users to access the data of many data owners by generating trapdoors.

2. The scheme supports federated cloud, where many data owners can share data with multiple users.

3. Our scheme performs better than existing ones in terms of efficiency, storage overhead and execution time.

The rest of the paper is structured as follows. Section 2 reviews the literature on many existing schemes. Section 3 describes our scheme for federated cloud. Section 4 provides the empirical observations of our research. Section 5 discusses the uniqueness of our scheme and its limitations. Section 6 concludes our work and provides scope for future work.


2. RELATED WORK 


This section reviews many existing security schemes useful for secure data sharing in distributed environments. Miao et al. [1] presented the Verifiable SE Framework (VSEF), which also offers dynamic updates and multi-keyword search. The improved VSEF exhibits adaptability, and the framework is expanded upon by further study. Zhou et al. [2] proposed keyword encryption as a secure and effective method for device search over ambient data in the cloud-assisted Industrial IoT, where cloud storage mitigates IoT device expenses. Zhang et al. [3] presented multiuser searchable encryption for safe voice retrieval in cloud storage, making use of LSTM, SE and CP-ABE for privacy. Fu et al. [4] showed that enhancing security and cutting storage costs in cloud storage is possible with a multi-cloud searchable encryption technique built on a double-layer blockchain. Sun et al. [5] observed that, by combining CP-ABE with auditing for data integrity and attribute revocation, a workable multi-keyword searchable encryption system improves efficiency and security. Shahien et al. [6] proposed Multi-Server Searchable Data Crypt (MS-SDC), which splits encrypted data into blocks to improve speed and security; its features include multithreading for speed and keyword extraction.


Xu et al. [7], to mitigate the constraints of delegated searchable encryption (DSE), implemented a technique that limits users to specific terms in order to protect user privacy; trials showed it to be useful. Sangeetha et al. [8] optimized cloud-based PHR for effective storage, search and sharing by integrating CM-SABE, DLBRE and approved deduplication, which was demonstrated to boost output. Brij et al. [9] proposed a decentralized ABSE scheme for healthcare CCPS that aims to improve efficiency and eliminate single points of failure by using blockchain technology to spread the computing burden. Xiao et al. [10] suggested a multi-keyword ranked search system, MSMR, which improves the security and performance of encrypted data retrieval in cloud storage. Sharma et al. [11] demonstrated through theoretical analysis and simulations that MWMR-BKSE provides secure Boolean searches with minimal computing cost.


Liu et al. [12] presented the innovative ICA-IBSE scheme, which emphasizes practicality, less storage and proven security for effective encrypted data search in cloud computing. Varri et al. [13] introduced CP-ABSEL, a searchable encryption scheme for cloud storage that uses a lattice to provide quantum security and efficient access management while protecting data privacy. Zarezadeh et al. [14] introduced enhanced searchable encryption with access control for cloud storage, resolving problems with Pasupuleti et al.'s approach and guaranteeing efficiency and security in multi-keyword searches. Yao et al. [15] suggested key-aggregate encryption and searchable encryption based on lattices to protect against quantum attacks and provide effective cloud storage for searchable group data sharing. Martin et al. [16] addressed lattice reduction procedures, analysed algorithms and estimated resources in order to assemble hardness results for particular cases of the learning with errors (LWE) problem.


Bindel et al. [17] analysed several attacks and techniques for the Learning with Errors (LWE) problem with a limited number of samples. Pol and Priyadarshi [18] observed that, by using global secret keys, asymmetric key management and key aggregation, the suggested solution protects integrity and privacy in cloud computing. Feng and Si et al. [19] combined public key authentication with searchable encryption to provide a certificateless searchable encryption solution for many users that improves security and efficiency against keyword guessing attacks. Manohar et al. [20] utilized key aggregate searchable encryption (KASE) to address the problem of safely exchanging encrypted data in public cloud storage. Anusha et al. [21] suggested key aggregate searchable encryption (KASE) as a solution to the problem of safe data sharing in public cloud storage.


Goutham et al. [22] studied selective encrypted data exchange, which is essential in public cloud storage. Practical privacy is provided by key aggregate searchable encryption (KASE), which handles keys effectively. Kamimura et al. [23] introduced two provably secure techniques and explored KASE security. Although the primary construction assures privacy in a two-server setup, the first construction ensures security without adding to computational expenses. Both systems achieve practicality and verifiable security. Further efforts will encompass optimizing efficiency and developing a universal framework for all broadcast encryption and aggregate signatures. Erande and Ranmalkar [24] observed that shared data must be selectively encrypted due to security concerns raised by cloud data breaches. The proposal for Key-Aggregate Searchable Encryption (KASE) tackles real-world problems related to safe sharing, with a focus on trapdoor minimization and federated cloud support. Rane et al. [25] introduced constant-size ciphertexts for delegation and focused on safe, effective data exchange in cloud storage. Practical data sharing is facilitated by the proposed key-aggregate searchable encryption (KASE) scheme. Future considerations, however, will include reducing trapdoors in multi-owner scenarios and adapting KASE for federated clouds. Lee et al. [26] provided a KASE strategy for data sharing without a Trusted Third Party (TTP) in order to overcome privacy issues in cloud servers. The new approach provides protection against several types of attacks, mutual authentication, multi-delegation and keyword verification.


Kavatagi and Rachh [27] implemented searchable encryption with key aggregation to address the security of cloud computing. It provides quick document retrieval using a trapdoor and allows secure sharing with a single key. The goal of future research is to minimize trapdoors in situations with many owners. Sonkar and Wakchaure [28] discussed safe cloud data sharing, emphasizing effective search functions, key management and encryption. The Key-Aggregate Searchable Encryption (KASE) technique adds synonym search for increased performance, provides flexible authorization and improves security. Experimental findings show enhanced security, efficiency and performance of the system. Gadekar and Pradip [29] addressed security issues with cloud data sharing due to data breaches. The study promotes effective cloud-based key storage and data exchange, emphasizing the advantages of key aggregation for maximum throughput and best space use. Rekesh and Anoop [30] provided efficient cryptographic data sharing in cloud storage. A single aggregate key is used for large document sets to enable secure sharing, and users query the cloud with a single aggregate gateway. The suggested method, which improves security and efficiency, offers an ideal option for realistic data sharing in public cloud storage. Reviewing approaches and highlighting KASE's efficacy, it takes into account the difficulties of exchanging data without leakage. Upcoming efforts will focus on reducing trapdoor creation and addressing multi-owner data sharing difficulties. Bankar and Sidramappa [31] addressed the problem by encrypting all data before uploading. It is difficult, though, to manage and distribute keys for encryption and search in a safe manner. Key-Aggregate Search Encryption (KASE), a unique technique, suggests an effective key distribution scheme for cloud data access. The solution enables safe, useful and private data sharing using Role-Based Access Control (RBAC) and secure revocation for untrusted users in a cloud context, addressing overlooked practical difficulties.


Thakre et al. [32] found that although file deployment and sharing are available with cloud computing, security is an issue. Secure, scalable data exchange is made easier with key-based encryption. Bagga [33] observed that existing data security techniques are vulnerable to legal threats. Access control and encryption are combined in a suggested solution to solve these problems and offer strong security for sensitive data. Brindha et al. [34] suggested enhanced key-aggregate searchable encryption as a solution that handles these problems effectively and safely. Subsequent research endeavours to optimize keys for increased effectiveness. Samalla et al. [35] explained cloud computing privacy concerns and introduced Key Aggregate Searchable Encryption (KASE), a safe data sharing method. Sumeen et al. [36] presented KASE, addressing privacy concerns and offering effective solutions, enabling safe data sharing in cloud storage.


Gayathri and Srinaganya [37] enhanced security for remote access services; the proposed Key Tree (KTR) system effectively maintains keys for safe transmission in distributed storage. Wang et al. [38] presented the EVKAKSE system to solve security and efficiency issues in cloud data sharing. In the event that an assist server is not present, the structure takes efficiency and security into account without sacrificing data integrity. The goal of future research is to improve the algorithm so that it can remove the assist server without sacrificing security. Wang et al. [39] addressed the issues of key generation and trapdoors while concentrating on effective keyword search on encrypted data stored in cloud storage. Prioritizing efficiency and security, the study provides information on how to thwart collaboration between hostile users and servers. Future research seeks to find more effective solutions. Guo et al. [40] suggested the use of a key-aggregate authentication mechanism to allow safe data exchange in dynamic cloud storage. Addressing issues with dynamic cloud storage, the method is both leakage-resistant and cost-stable. Notwithstanding some restrictions, the plan has potential uses in a number of contexts, such as searchable encryption in cloud storage and patient-controlled encryption. Su et al. [41] introduced Verifiable Multi-Key Searchable Encryption (VMKSE), which ensures efficiency and verifiability against hostile entities while enabling safe data exchange in multi-user scenarios through the use of a Garbled Bloom Filter. From the literature, it was observed that existing data sharing schemes suffer from mediocre performance in the multi-owner and multi-user setting and are not designed for federated cloud environments.


3. PROPOSED SECURITY SCHEME 


This section presents our proposed scheme and 
also algorithms required for realization of the 
scheme. 


3.1 Problem Definition 


Secure data sharing among groups of users in cloud-based applications is challenging. The problem considered here is the development of a secure data sharing scheme for a multi-user and multi-owner federated cloud environment.


3.2 Federated Cloud 


Federated cloud, as shown in Figure 1, is the integration of various clouds for ultimate scalability and elasticity. Imagine a world where you could seamlessly move workloads and data between different cloud providers, leveraging the best of each while maintaining centralized control and governance. That is the essence of cloud federation: deploying and managing multiple cloud services (public, private, community) from different providers to create a unified computing platform. There is an intermediary between cloud coordinator and broker that evaluates expenses, requirements and suppliers. Resources are assigned by the Cloud Coordinator according to user credits in the cloud bank and their requests. By working with cloud coordinators and examining the resources provided by various cloud providers in the cloud exchange, the Cloud Broker finds the best bargains for clients. User interaction may be centralized or decentralized. Applications are both for-profit and non-profit, with MaaS and global visibility monitoring and a centralized offer/demand procedure. Infrastructure, software and platform are consumed on a federation basis. The benefits are lower energy use, heightened dependability, cost-effectiveness and scalability, and worldwide communication and service sharing.


Figure 1: Illustration Of Federated Cloud


Demand distribution across providers, interoperability in diverse environments and building a seamless user experience are the challenges. There are three different kinds of technology that support cloud federation and cloud services. Eucalyptus is an open-source framework for accessing cloud resources, whereas Aneka Coordinator facilitates cloud service interaction (proposal of the Aneka services and Aneka peer components). OpenNebula is a cloud computing platform that manages remote data centres and resources. In summary, cloud federation provides an adaptable and affordable way to combine resources from many cloud providers, but complexity, security and standards must be carefully considered.


3.3 System Model 




Our system model provides for a federated cloud in which an adversary might launch attacks to break security. The system model is designed with an attacker present, and our entire security scheme is built on it. The system model enables multiple data owners to save their data in the cloud in encrypted form and share the required keys with designated users. The system model also provides for an attacker who tries to break the system. Our system model, on top of which the proposed security scheme is built, is shown in Figure 2.


Figure 2: System Model For The Proposed Secure Data Sharing Scheme (diagram labels: Data Owner, Upload after encryption, Data User, User Search, Attacker, Attack)


The proposed scheme is implemented in a federated cloud environment with a multi-owner and multi-user setting. Multiple data owners can send their data to the cloud after performing encryption. They also save keywords for search so that users can access their data with a given trapdoor. With trapdoors, designated users can perform keyword search on the shared documents. Thus controlled access is exercised in the proposed system. The scheme provides search using trapdoors; in other words, users can access shared documents with the help of search keywords. The proposed scheme exhibits compactness, in that the trapdoor size does not depend on the number of data owners or documents. The scheme also exhibits keyword privacy, as attackers cannot gain sensitive information from keywords. Data owners provide aggregate keys to users for generating trapdoors. Aggregate keys are generated in such a way that they cannot be forged by adversaries.


3.2 Our Scheme 


We propose a complete security scheme based on the concepts of aggregate signatures and broadcast encryption. It thus supports secure data sharing in a multi-owner and multi-user setting. A set of users can get access to shared content and perform keyword search. The ciphertext also has the indices of users embedded, so the scheme is suitable for searchable encryption. The scheme is also designed to protect keywords from privacy attacks. The construction of aggregate keys is based on the notion of aggregate signatures, which helps fix the size that is otherwise impacted by the number of users, leading to the compactness property. The following algorithms are proposed as part of the scheme.


3.2.1 Setup Algorithm 


This algorithm generates the system parameters used in the different operations involved in secure data sharing. It generates a bilinear group and bilinear map $\mathcal{B} = (p, G, G_T, e(\cdot,\cdot))$, where $p$ denotes the order of $G$ and $2^{\lambda} < p < 2^{\lambda+1}$. It involves specifying the number of documents, denoted $n$. A randomly generated element $g \in G$ is then employed, and $\alpha \in Z_p$ is considered before computing $g_i = g^{(\alpha^i)} \in G$. A hash function $H: \{0,1\}^* \to G$ is used. Eventually, the public parameters $params = (\mathcal{B}, PubK, H)$ are generated, where $PubK = (g, g_1, \ldots, g_n, g_{n+2}, \ldots, g_{2n}) \in G^{2n}$.

3.2.2 KeyGen Algorithm 


This algorithm uses the parameters obtained from the Setup algorithm and generates the secret key required for secure data sharing. In the process, it uses a random value $\beta \in Z_p$. A secret key associated with $\beta$ is then generated.


3.2.3 Encrypt Algorithm 


This algorithm performs encryption on the given data. It is executed by the data owner to protect data. It takes as inputs params (generated by the Setup algorithm), sk (the secret key generated by the KeyGen algorithm), $i$ and $w_l$, and generates an encrypted keyword. To this end, a random number $t_{i,l} \in Z_p$ is picked. Then, before encrypting a keyword, the algorithm computes the variables expressed in Eq. 1.

$$c_{1,i,l} = g^{t_{i,l}}, \quad c_{2,i,l} = (g^{\beta} \cdot g_i)^{t_{i,l}}, \quad c_{3,i,l} = \frac{e(H(w_l), g)^{t_{i,l}}}{e(g_1, g_n)^{t_{i,l}}} \qquad (1)$$

These variables are used by the algorithm to complete the encryption process.


3.2.4 Extract Algorithm 


Extract is the algorithm used to generate the aggregate key. It takes a set of documents $S$ of the data owner, the secret key sk and params as input and generates $k_{agg}$. A subset of documents $S \subseteq [1, n]$ is considered for generating the aggregate key as in Eq. 2.

$$k_{agg} = \prod_{j \in S} g_{n+1-j}^{\beta} \qquad (2)$$


3.2.5 Trapdoor Algorithm 


This algorithm generates the trapdoor efficiently. It takes the system parameters, the set of documents, $w_l$ and $k_{agg}$ as input and computes the trapdoor. For each document in $S$, the algorithm computes the trapdoor as in Eq. 3.

$$Tr = k_{agg} \cdot H(w_l) \qquad (3)$$


3.2.6 Adjust Algorithm 


This algorithm computes the trapdoor outcome for the set of given documents. For each document in $S$, it produces the trapdoor output using the expression in Eq. 4.

$$Tr_i = Tr \cdot \prod_{j \in S,\, j \neq i} g_{n+1-j+i} \qquad (4)$$


3.2.7 Test Algorithm 


This algorithm plays an important role in the proposed scheme. It matches a given document and keyword in the process of secure data access. It takes the set of documents $S$, the encrypted data $c_{i,l}$ and the trapdoor outcome as inputs. From the trapdoor outcome, it performs the computation expressed in Eq. 5 for each keyword.

$$\frac{e(Tr_i, c_{1,i,l})}{e(c_{2,i,l}, pub)} = c_{3,i,l} \qquad (5)$$

where $pub = \prod_{j \in S} g_{n+1-j}$.
The result of Eq. 5 is either true or false, based on the validation test, which determines the action taken while accessing data from the cloud. Compared with the existing schemes found in [41] and [42], our scheme has specific advantages in trapdoor generation and in improving the performance of secure data sharing. The existing schemes used various random numbers per document; in other words, they used the same random number for each encrypted keyword in the document. Using the same random number enables an attacker to gain access to the original keyword. To address this problem, the proposed scheme uses a unique random number for each document. Thus, the proposed scheme satisfies correctness and searchability. In the proposed scheme the trapdoor size does not rely on $S$. The reason for this is expressed in Eq. 6.


$$k_{agg} = \prod_{j \in S} g_{n+1-j}^{\beta} \in G \qquad (6)$$


As mentioned earlier in this section, the proposed scheme exhibits compactness and privacy of keywords. In addition, adversaries cannot forge the aggregate key.
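The following added example (not code from the paper or from its Java implementation) runs the Setup, KeyGen, Encrypt, Extract, Trapdoor, Adjust and Test algorithms of Sections 3.2.1 to 3.2.7 in a toy model where each group element is stored as its exponent modulo p, so the pairing check of Eq. 5 can be executed without a pairing library. The model exposes discrete logarithms and has no security; the function names, the modulus and the sample keywords are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy model (assumption, not the paper's code): an element g^x of G, or
# e(g,g)^y of G_T, is stored as its exponent mod P. Discrete logs are exposed,
# so this is only for executing and checking the algebra of Eqs. 1-5.
P = 2**127 - 1                                # prime group order p (constructed)

def g_mul(a, b): return (a + b) % P           # product in G or G_T
def g_pow(a, k): return (a * k) % P           # exponentiation
def pair(a, b): return (a * b) % P            # e(g^a, g^b) = e(g,g)^(ab)
def gt_div(a, b): return (a - b) % P          # quotient in G_T
def rand_zp(): return secrets.randbelow(P - 1) + 1

def H(word):
    """Hash a keyword to an element of G."""
    return int.from_bytes(hashlib.sha256(word.encode()).digest(), "big") % P

def kase_setup(n):
    """3.2.1: PubK = (g, g_1..g_n, g_{n+2}..g_{2n}); g_{n+1} is never published."""
    alpha = rand_zp()
    pubk = {i: pow(alpha, i, P) for i in range(1, 2 * n + 1) if i != n + 1}
    return {"n": n, "g": 1, "pubk": pubk}

def kase_keygen():
    """3.2.2: secret key beta in Z_p."""
    return rand_zp()

def kase_encrypt(params, beta, i, word):
    """3.2.3, Eq. 1: keyword ciphertext (c1, c2, c3) for document index i."""
    g, pk, n = params["g"], params["pubk"], params["n"]
    t = rand_zp()                             # fresh t_{i,l} per keyword ciphertext
    c1 = g_pow(g, t)
    c2 = g_pow(g_mul(g_pow(g, beta), pk[i]), t)
    c3 = gt_div(g_pow(pair(H(word), g), t), g_pow(pair(pk[1], pk[n]), t))
    return c1, c2, c3

def kase_extract(params, beta, S):
    """3.2.4, Eq. 2: one group element, whatever the size of S."""
    n, pk = params["n"], params["pubk"]
    k_agg = 0                                 # identity element in this model
    for j in S:
        k_agg = g_mul(k_agg, g_pow(pk[n + 1 - j], beta))
    return k_agg

def kase_trapdoor(k_agg, word):
    """3.2.5, Eq. 3."""
    return g_mul(k_agg, H(word))

def kase_adjust(params, S, i, tr):
    """3.2.6, Eq. 4: per-document trapdoor built from public values only."""
    n, pk = params["n"], params["pubk"]
    for j in S:
        if j != i:
            tr = g_mul(tr, pk[n + 1 - j + i])
    return tr

def kase_test(params, S, tr_i, c):
    """3.2.7, Eq. 5: True when the ciphertext carries the searched keyword."""
    n, pk = params["n"], params["pubk"]
    c1, c2, c3 = c
    pub = 0
    for j in S:
        pub = g_mul(pub, pk[n + 1 - j])
    return gt_div(pair(tr_i, c1), pair(c2, pub)) == c3

def demo():
    params = kase_setup(n=8)
    beta_a, beta_b = kase_keygen(), kase_keygen()   # two data owners
    S = [2, 3, 5]                                   # documents owner A shares
    ct = {i: kase_encrypt(params, beta_a, i, "invoice") for i in (2, 3, 4)}
    ct_b = kase_encrypt(params, beta_b, 2, "invoice")
    k_agg = kase_extract(params, beta_a, S)

    def search(word, i, c):
        tr_i = kase_adjust(params, S, i, kase_trapdoor(k_agg, word))
        return kase_test(params, S, tr_i, c)

    return {
        "shared_doc_right_keyword": search("invoice", 2, ct[2]),
        "shared_doc_wrong_keyword": search("payroll", 3, ct[3]),
        "unshared_doc": search("invoice", 4, ct[4]),   # index 4 is not in S
        "other_owner": search("invoice", 2, ct_b),     # encrypted under beta_b
        "fresh_randomness": kase_encrypt(params, beta_a, 2, "invoice") != ct[2],
    }

if __name__ == "__main__":
    print(demo())
```

Only the first search succeeds: a wrong keyword, a document outside S and a ciphertext produced under another owner's key all fail the Eq. 5 check, which is the controlled-access behaviour the section describes.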


4. EXPERIMENTAL RESULTS 


We built a Java-based standalone application to evaluate the proposed scheme and compare it with two existing schemes: Verifiable Searchable Encryption (VSE) [41] and KASE for Group Data Sharing (KASE-GDS) [42]. Each operation is executed 50 times and the average observations are presented in this section.


Table 1: Storage Overhead In Presence Of Many Data Owners

# Data Owners | Storage Overhead (bytes), KASE-GDS
250           | 25000
500           | 45000
750           | 100000
1000          | 175000
1250          | 225000
1500          | 250000


As presented in Table 1, the storage overhead 
against number of data owners, due to trapdoor 
generation, is observed for VSE, KASE-GDS and 
the proposed schemes. 
Figure 3: Storage Overhead In Presence Of Many Data Owners


As presented in Figure 3, the performance of our scheme is compared against VSE and KASE-GDS in terms of storage overhead. The observations are made in the presence of many data owners. As the number of data owners increases, storage overhead increases gradually for the existing schemes. Due to trapdoor efficiency, the storage overhead of the proposed scheme does not grow. The results show that the proposed scheme required 500 bytes of storage overhead for different numbers of data owners.


Table 2: Impact Of Number Of Shared Documents On System Parameters' Size

Size of System Parameters
# Shared Documents | KASE-GDS | VSE  | Proposed
10                 | 30       | 28   | 10
50                 | 100      | 98   | 75
100                | 350      | 330  | 140
200                | 700      | 980  | 205
300                | 1050     | 1630 | 270
400                | 1400     | 2280 | 335
500                | 1750     | 2930 | 400
600                | 2100     | 3580 | 465
700                | 2450     | 4230 | 530


As presented in Table 2, the impact of the number of shared documents on the size of the system parameters is observed for VSE, KASE-GDS and the proposed scheme.


Figure 4: System Parameters' Size In Presence Of Many Shared Documents (legend: Proposed, VSE, KASE-GDS; x-axis: number of documents shared by data owner)


As presented in Figure 4, the performance of our scheme is compared against VSE and KASE-GDS in terms of parameters' size. The observations are made in the presence of many documents shared by data owners. As the number of documents increases, the size of the system parameters increases gradually for the existing and proposed schemes. However, the parameters' size of the proposed system is the smallest for each set of documents shared by data owners. When the number of documents is 700, KASE-GDS showed 2450, VSE showed 4230 and the proposed scheme needed 530. Therefore, it is observed that our scheme is better in comparison with existing ones.


Table 3: Computation time analysis in presence of many keywords

Computation Time (ms)
# Keywords | KASE-GDS | VSE | Proposed

500 100 | 10


As presented in Table 3, computation time is 
provided in presence of many keywords for VSE, 
KASE-GDS and the proposed schemes. 


Figure 5: Time Required For Encryption In Presence Of Many Keywords (legend: Proposed, VSE, KASE-GDS)

As presented in Figure 5, the performance of our scheme is compared against VSE and KASE-GDS in terms of computation time. The observations are made in the presence of many keywords. As the number of keywords increases, computation time increases gradually for the existing and proposed schemes. However, the computation time of our system is the lowest for each set of keywords. In the presence of 700 keywords, KASE-GDS showed 10440 ms, VSE showed 7600 ms and our scheme needed 1500 ms. Therefore, it is observed that our scheme is better in comparison with existing ones.


Table 4: Computation time of test algorithm in presence of many data owners

Computation Time of Test Algorithm (ms)
# Data Owners | KASE-GDS | VSE    | Proposed
250           | 200000   | 200000 | 5000
500           | 300000   | 300000 |
750           | 400000   | 400000 |
1000          | 500000   | 500000 |
1250          | 600000   | 600000 |
1500          | 700000   | 700000 | 5000


Table 4 shows test algorithm’s computation time 
in presence of many data owners for VSE, KASE- 
GDS and the proposed schemes. 
Figure 6: Time cost of test algorithm in presence of many data owners


As presented in Figure 6, the performance of our scheme is compared against VSE and KASE-GDS in terms of the computation time of the test algorithm. The observations are made in the presence of many data owners. As the number of data owners increases, computation time increases gradually for the existing schemes. However, our system's computation time requirement is constant irrespective of the number of data owners. When the number of data owners is 1500, KASE-GDS showed 700000 ms, VSE showed 700000 ms and the proposed scheme needed 5000 ms. Therefore, it is observed that our scheme is better in comparison with existing ones.


Table 5: Test algorithm's computation time in presence of many keyword ciphertexts

Computation Time of Test Algorithm (ms)
# Keyword Ciphertexts | KASE-GDS | VSE    | Proposed
10                    | 10000    | 10000  | 10000
50                    | 65000    | 63000  | 10000
100                   | 100000   | 97000  | 10000
200                   | 200000   | 580000 | 10000
                      | 300000   |        |
                      | 400000   |        |
                      | 500000   |        |
                      | 600000   |        |
                      | 700000   |        |


As presented in Table 5, test algorithm’s 
computation time is observed in presence of many 
keyword ciphertexts for VSE, KASE-GDS and 
the proposed schemes. 
Figure 7: Test algorithm's computation time in presence of many keyword ciphertexts


As presented in Figure 7, the performance of our scheme is compared against VSE and KASE-GDS in terms of the computation time of the test algorithm. The observations are made in the presence of many keyword ciphertexts. As the number of keyword ciphertexts increases, computation time increases gradually for the existing schemes. However, our system's computation time is constant for each number of keyword ciphertexts. When the number of keyword ciphertexts is 700, KASE-GDS showed 700000 ms, VSE showed 2995000 ms and the proposed scheme needed 10000 ms. Therefore, it is observed that our scheme performs better than existing ones.


5. DISCUSSION 


The proposed scheme presented in this paper has two significant advantages over prior works. The first contribution is a security scheme that is flexible and helps in secure group data sharing in the cloud. The second contribution is that the scheme is designed to work in a federated cloud environment where the services of multiple clouds are seamlessly integrated. With these two significant contributions, the proposed scheme is more useful for secure group data sharing in the cloud.


5.1 Limitations 


The proposed scheme is evaluated in a simulated federated cloud environment. It can therefore be evaluated in future on a more meaningful testbed to generalize our conclusions. Our scheme can also be improved to use a single trapdoor to support users accessing the data of many owners.


6. CONCLUSION AND FUTURE WORK 


We proposed a security scheme suitable for federated cloud. In such an environment, the data of multiple owners can be shared and users can generate trapdoors to perform keyword search and gain access to the desired data. Existing schemes suffer from performance issues in complex scenarios in a federated cloud setting. Different algorithms are proposed to realize secure and efficient data sharing in the cloud. The proposed scheme is designed to address the problems of existing schemes that involve key aggregation, searchable encryption and trapdoor generation. Our scheme was evaluated and found to perform better than existing schemes such as VSE and KASE-GDS. Our scheme has an important limitation that could be addressed in our future work. As of now, our scheme needs multiple trapdoors for users to access the data of many owners. Though our scheme performs more efficiently than existing ones, this drawback is yet to be overcome in future to reduce overhead and improve efficiency further.